框架提供的方式是提供一个授权策略 http://wicket.apache.org/docs/1.4/org/apache/wicket/authorization/IAuthorizationStrategy.html您的应用程序的实例,例如,通过添加到您的应用程序init()
method:
init() {
...
getSecuritySettings().setAuthorizationStrategy(...)
}
Wicket Stuff 上有一个 Wickets 授权功能的工作示例here http://wicketstuff.org/wicket/authorization/,它演示了一些相当复杂的东西。对于非常简单的情况,请查看简单页面授权策略 http://wicket.apache.org/docs/1.4/org/apache/wicket/authorization/strategies/page/SimplePageAuthorizationStrategy.html。在非常基础的层面上,可以像这样使用(取自链接的 Javadoc):
SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy(
MySecureWebPage.class, MySignInPage.class)
{
protected boolean isAuthorized()
{
// Authorize access based on user authentication in the session
return (((MySession)Session.get()).isSignedIn());
}
};
getSecuritySettings().setAuthorizationStrategy(authorizationStrategy);
编辑回应评论
我认为最好的方法是,如果你只是想使用类似的东西SimplePageAuthorizationStrategy
而不是该类本身。我做了这样的事情来捕获使用自定义注释进行注释的页面:
IAuthorizationStrategy authorizationStrategy = new AbstractPageAuthorizationStrategy()
{
protected boolean isPageAuthorized(java.lang.Class<Page.class> pageClass)
{
if (pageClass.getAnnotation(Protected.class) != null) {
return (((MySession)Session.get()).isSignedIn());
} else {
return true;
}
}
};
然后你需要注册一个IUnauthorizedComponentInstantiationListener http://wicket.apache.org/docs/1.4/org/apache/wicket/authorization/IUnauthorizedComponentInstantiationListener.html类似于中所做的简单页面授权策略 http://svn.apache.org/repos/asf/wicket/trunk/wicket/src/main/java/org/apache/wicket/authorization/strategies/page/SimplePageAuthorizationStrategy.java(链接是源代码),应该是这样的:
new IUnauthorizedComponentInstantiationListener()
{
public void onUnauthorizedInstantiation(final Component component)
{
if (component instanceof Page)
{
throw new RestartResponseAtInterceptPageException(MySignInPage.class);
}
else
{
throw new UnauthorizedInstantiationException(component.getClass());
}
}
});